pfSense on UP Squared

@vincitytaymodaimo said:
Hello Community,

Anyone made PFSense work reliably on this?

Thanks

Hello! Very embarrassed to say but here's my video of demoing pfSense on the UP Squared at World Marker Faire NY in 2017 (over a year ago).

https://www.youtube.com/watch?v=bZiWFF-E0RI

Back at the time, only the latest pfSense 2.4 Release Candidate would work because of the driver limitations in FreeBSD as they are usually way behind Linux.

The only 1 feature that didn't work with 2.4 RC was the Intel eMMC 5.0 controller. So I had to use the UP^2's SATA6 port to run a tiny SSD drive at the time for the demo (you can see it in the video, where I talk about soldering the wires for the tiny Supermicro SSD module in the video). That limitation is because pfSense is based on FreeBSD is always very far behind on the latest drivers. It would detect it, but wouldn't enable it as a block storage device for the system. There was a FreeBSD bug open at the time that said they didn't have Intel eMMC 5.0 just yet.

Maybe by now, a year later, they finally got the 5 year old Intel eMMC 5.0 specification working on the latest FreeBSD - and maybe pfSense has upgraded (they are usually 1 full version behind the latest FreeBSD).

What was missing in the video was my demo of OpenVPN on pfSense running with AES256 hardware encryption off of the Pentium CPU! I proved it with the openssl commands showing it was using hardware, not software. Without OpenVPN, I was able to download and upload files at around 940-970 Mbps in simultaneous uploads and downloads. With OpenVPN and aes-256-cbc, I got a solid 530-680 Mbps in duplex simutanous upload and download mode - with only 8% CPU usage! Switching to AES 128 CBC I got around 750 to 850 Mbps if memory serves (it was only a quick test).

The AES hardware encryption is a key factor to remember, as pfSense 2.4 (or 2.5?) requires AES hardware encryption going forward. And the UP Squared Pentium version fully supports AES! It was one of the primary reasons I bought it.

Personally, pfSense ran great for a few months for my household. But the UP^2 was just overkill - there was so much more hardware I could use it for such as Kubernetes and VMs and docker. I have since formatted and installed Xen using ArchLinux, where I have created several isolated Untrusted VMs to use as my network devices - it follows the Qubes OS model, somewhat. I need to write some blog posts about that and it's enhanced security.

If you are dead set on pfSense, my recommendation would be to install Xen using ArchLinux (it's so nice to build your machine from scratch), and run pfSense in a Docker container by passing through the two gigabit NICs via PCIe passthrough. Or better yet, look into VyOS instead of pfSense - it's far superior IMO and runs no PHP and is always available in Xen VM and Docker flavors to quickly get up and running.

I tried to get Ubuntu 16.04 LTS' Xen installed but that version of Xen didn't have the drivers for the UP^2 (which is a common problem with Xen on Ubuntu actually for other hardware). However, the ArchLinux releases as of 2017 (as long as I have been using UP products) does support the UP^2 and UP Boards out of the box as-is with eMMC 5.0 and all - and very very nicely I might add! I've updated the ArchLinux wiki on Xen that works with UP Squared as well in UEFI mode.